use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class ReviewMgrConsole method readUser.
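/**
 * Prompts on the console for a userId, reads that user through {@code rm.readUser} and prints
 * the returned entity to standard output, then waits for a key press.
 *
 * <p>The fields printed directly here are userId, internalId, description, cn, sn, ou and the
 * password policy name, followed by role assignments, admin role assignments and any
 * properties. No password field is printed by this method itself; what the
 * {@code printPosixAccount}, {@code printTemporal} and {@code printAdminRole} helpers emit is
 * not visible from here. The output is identity data, so treat a captured console session
 * accordingly.
 *
 * <p>A failed read is written to the log only; the "ENTER to continue" prompt is shown in
 * both the success and the failure case so the console never blocks without a prompt.
 */
void readUser() {
    ReaderUtil.clearScreen();
    try {
        System.out.println("Enter UserId to read:");
        String userId = ReaderUtil.readLn();
        User user = new User();
        user.setUserId(userId);
        User ue = rm.readUser(user);
        if (ue != null) {
            System.out.println("USER OBJECT:");
            System.out.println(" userId [" + ue.getUserId() + "]");
            System.out.println(" internalId [" + ue.getInternalId() + "]");
            System.out.println(" description [" + ue.getDescription() + "]");
            System.out.println(" common name [" + ue.getCn() + "]");
            System.out.println(" surname [" + ue.getSn() + "]");
            System.out.println(" orgUnitId [" + ue.getOu() + "]");
            System.out.println(" pwpolicy [" + ue.getPwPolicy() + "]");
            printPosixAccount(ue, "POSIX");
            printTemporal(ue, "USER");
            if (ue.getRoles() != null) {
                for (UserRole ur : ue.getRoles()) {
                    printTemporal(ur, "RBACROLE");
                }
            }
            if (ue.getAdminRoles() != null) {
                for (UserAdminRole ur : ue.getAdminRoles()) {
                    printAdminRole(ur);
                    printTemporal(ur, "ADMINROLE");
                }
            }
            if (ue.getProperties() != null && ue.getProperties().size() > 0) {
                int ctr = 0;
                // Wildcard type instead of the raw Enumeration; keys are still cast to String
                // exactly as before, so a non-String key fails the same way it always did.
                for (Enumeration<?> e = ue.getProperties().propertyNames(); e.hasMoreElements(); ) {
                    String key = (String) e.nextElement();
                    String val = ue.getProperty(key);
                    System.out.println("prop key[" + ctr + "]=" + key);
                    System.out.println("prop value[" + ctr++ + "]=" + val);
                }
            }
        } else {
            System.out.println(" user [" + userId + "] was not found");
        }
    } catch (SecurityException e) {
        // getErrorId() is not a java.lang.SecurityException method, so this is presumably the
        // project's own SecurityException type - confirm against the file's imports.
        LOG.error("readUser caught SecurityException rc=" + e.getErrorId() + ", msg=" + e.getMessage(), e);
    }
    // Printed after the try/catch: previously a failed read went straight to readChar() with
    // nothing on screen, leaving the operator at a silently blocked console.
    System.out.println("ENTER to continue");
    ReaderUtil.readChar();
}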
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class CreateSessionSample method createSessionsWithRolesTrusted.
/**
 * Opens an RBAC session for a user in trusted mode, requesting activation of the supplied
 * roles, and asserts that the session ends up with exactly those roles.
 *
 * <p>Trusted mode is selected by passing {@code true} to {@code createSession}; as this sample
 * describes it, no user password is required. Code that follows this pattern must therefore
 * have established the caller's identity by some other means before reaching this call -
 * the userId alone is enough to obtain a session here.
 *
 * @param userId Case insensitive userId.
 * @param roles array of Role names to activate into the RBAC Session.
 * @param expectedRoles the number of Roles the Session is expected to contain.
 */
public static void createSessionsWithRolesTrusted(String userId, String[] roles, int expectedRoles) {
    final String where = ".createSessionsWithRolesTrusted";
    try {
        AccessMgr mgr = AccessMgrFactory.createInstance(TestUtils.getContext());

        // The User entity carries the request into createSession; each setRoleName call is
        // expected to add one role to the activation list.
        User sessionUser = new User(userId);
        for (int i = 0; i < roles.length; i++) {
            sessionUser.setRoleName(roles[i]);
        }

        // Second argument true = trusted: no password is supplied. The request can still be
        // rejected, e.g. when the User is locked out of ldap.
        Session rbacSession = mgr.createSession(sessionUser, true);

        // Failure surfaces as SecurityException, so a null Session is never expected.
        assertNotNull(rbacSession);

        // Compare what was actually activated with what was requested.
        List<UserRole> activated = rbacSession.getRoles();
        String sizeMsg = where + " user role check failed list size user [" + sessionUser.getUserId() + "]";
        assertEquals(sizeMsg, expectedRoles, activated.size());
        for (int i = 0; i < roles.length; i++) {
            boolean present = activated.contains(new UserRole(roles[i]));
            assertTrue(where + " userId [" + userId + "] with roles trusted failed role check", present);
        }
        LOG.info(where + " userId [" + userId + "] successful");
    } catch (SecurityException ex) {
        String failure = where + " caught userId [" + userId + "] SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage();
        LOG.error(failure, ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class CreateSessionSample method createSessionsWithRole.
/**
 * Calls the AccessMgr createSession API with a password and a single Role to activate, then
 * asserts that the resulting RBAC Session contains that Role.
 *
 * <p>The password is handed to the API in clear text and appears in none of the log or
 * assertion messages built here; only the userId is reported.
 *
 * @param userId Case insensitive userId.
 * @param password Password is case sensitive, clear text but is stored in directory as hashed value.
 * @param role name of the Role targeted for activation.
 */
public static void createSessionsWithRole(String userId, String password, String role) {
    final String where = ".createSessionsWithRole";
    try {
        // AccessMgr performs the runtime RBAC operations.
        AccessMgr mgr = AccessMgrFactory.createInstance(TestUtils.getContext());

        // Second argument false = untrusted: the API authenticates the password, evaluates
        // password policies and performs the Role activation.
        User credentials = new User(userId, password, role);
        Session rbacSession = mgr.createSession(credentials, false);

        // Failure surfaces as SecurityException, so a null Session is never expected.
        assertNotNull(rbacSession);

        // The requested Role must be among the Session's activated Roles.
        List<UserRole> activated = rbacSession.getRoles();
        boolean roleActive = activated.contains(new UserRole(role));
        assertTrue(where + " userId [" + userId + "] with roles failed role check", roleActive);
        LOG.info(where + " userId [" + userId + "] successful");
    } catch (SecurityException ex) {
        String failure = where + " userId [" + userId + "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage();
        LOG.error(failure, ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class CreateUserRoleSample method testAssignComplexRole.
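/**
 * Assigns ten Roles ({@code CreateRoleSample.TEST_ROLE_PREFIX} + 1 through 10) to the sample
 * User, each with temporal constraints that override the Role's own, then reads the
 * assignments back and logs them.
 *
 * <p>The constraint values below are sample data. Any constraint not set on the UserRole is
 * taken from the corresponding Role definition, so an assignment is only as restrictive as
 * the combination of the two.
 */
public static void testAssignComplexRole() {
    String szLocation = ".testAssignComplexRole";
    // The key for User entity is the userId attribute.
    User inUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        // Assign roles 1 through 10.
        for (int i = 1; i < 11; i++) {
            // The UserRole entity may override the Role's temporal constraints.
            // The key for User-Role addition is userId and role name.
            UserRole inUserRole = new UserRole(inUser.getUserId(), CreateRoleSample.TEST_ROLE_PREFIX + i);
            // Whatever is not set here is provided by the Constraints of the corresponding
            // Role defined in ou=Roles.
            // Role start date: not set (accept default).
            // Override default on Role end date:
            inUserRole.setEndDate("21410101");
            // Override Role beginTime:
            inUserRole.setBeginTime("0000");
            // Role endTime: not set.
            // Override Role dayMask to Mon, Tue, Wed, Thur, Fri, Sat & Sun.
            inUserRole.setDayMask("1234567");
            // Override the Role beginLockDate to Jan 15, 2112.
            inUserRole.setBeginLockDate("21120115");
            // Override the Role endLockDate to Feb 15, 2112.
            inUserRole.setEndLockDate("21120215");
            // Assign the Role to the User entity. This will add 'oamRA' and 'oamRC'
            // attributes to the 'oamUserAttrs' object class.
            adminMgr.assignUser(inUserRole);
        }
        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // The User - Role assignments are loaded into the UserRole entity.
        List<UserRole> assignedRoles = reviewMgr.assignedRoles(inUser);
        // testDeassignRoles treats a null result from assignedRoles as possible, so guard the
        // iteration the same way instead of risking a NullPointerException.
        if (assignedRoles != null) {
            for (UserRole userRole : assignedRoles) {
                // Closing bracket after the userId was missing in the original message.
                LOG.info(szLocation + " userId [" + userRole.getUserId() + "] roleNm [" + userRole.getName() + "]");
            }
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}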
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class CreateUserRoleSample method testDeassignRoles.
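/**
 * Removes every Role currently assigned to the sample User and asserts that no assignment
 * remains afterwards.
 *
 * <p>Does nothing when {@code AllSamplesJUnitTest.isFirstRun()} reports a first run
 * (presumably because no earlier run has left assignments to clean up - confirm against
 * that class).
 */
public static void testDeassignRoles() {
    String szLocation = ".testDeassignRoles";
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    // The key for User entity is the userId attribute.
    User inUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Fetch the Roles currently assigned to the User; these are the ones to remove.
        List<UserRole> assignedRoles = reviewMgr.assignedRoles(inUser);
        if (assignedRoles != null) {
            // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
            AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
            for (UserRole uRole : assignedRoles) {
                // Deassign the Role from the User entity. This will remove 'oamRA' and 'oamRC'
                // attributes from the 'oamUserAttrs' object class.
                adminMgr.deassignUser(uRole);
            }
        }
        // Nothing should be left now that all Roles assigned to the User were removed above.
        assignedRoles = reviewMgr.assignedRoles(inUser);
        // The first call is treated as possibly returning null, so accept null as well as an
        // empty list here; the original dereferenced the result unconditionally and would
        // have thrown NullPointerException instead of reporting a test outcome.
        assertTrue(szLocation + " failed deassign test", assignedRoles == null || assignedRoles.isEmpty());
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}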